FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

YUI JavaScript library -- JavaScript injection exploits in Flash components

Affected packages
yahoo-ui < 2.8.2

Details

VuXML ID: d560b346-08a2-11e0-bcca-0050568452ac
Discovery: 2010-10-25
Entry: 2010-12-15

The YUI team reports:

A security-related defect was introduced in the YUI 2 Flash component infrastructure beginning with the YUI 2.4.0 release. This defect allows JavaScript injection exploits to be created against domains that host affected YUI .swf files.

References

CVE Name: CVE-2010-4207
CVE Name: CVE-2010-4208
CVE Name: CVE-2010-4209
URL: http://secunia.com/advisories/41955
URL: http://www.openwall.com/lists/oss-security/2010/11/07/1
URL: http://www.yuiblog.com/blog/2010/10/25/yui-2-8-2-security-update/
URL: http://yuilibrary.com/support/2.8.2/